In revolutionary warfare, whoever controls what people think wins. To use a phrase from the sixties, it is a battle for hearts and minds. In the past few weeks, this battle was prosecuted with the technology of the nineties. The war is in East Timor in the Pacific Ocean but this battlefield was Connect Ireland, an Irish ISP in the back streets of Dublin.

East Timor is currently occupied by the Indonesian military and one of the sites on Connect Ireland, (http://www.freedom.tp)the East Timor Project, was providing information on events in the area. The Indonesian government is extremely antagonistic towards the establishment of a virtual country on the internet and against the sovereignty of East Timor in general. The Indonesian government is suspected of backing if not actually instigating these attacks. They were quoted in the Irish Times as saying that the virtual country should never have happened.

According to Martin Maguire, the probes had been ongoing for over nine months. They did not fit the usual script-kiddie/system cracker profile. This was evidently a planned attack. A planned rather than opportunistic attack builds up a profile of the target over a few months. A script kiddie attack would have the characteristic of periodicity - the IPs would be scanned in a particular sequence as would the ports. The more low key attack would be an aperiodic targeting of specific IPs and ports but it would have to be so low key as to appear as almost random and disconnected events. Over the past few months, the intensity of the attacks increased. Christmas was an excellent time to hide attacks among the script kiddie probes. And then the perpetrators managed to break into the DNS server.

For any DNS server such a breach would be a serious event. It was compounded by the fact that Connect Ireland administers the East Timor (.tp) domain. This was a clear attack on the .tp domain. The perpetrators had managed to, for a while at least, take over a virtual country.

What made this attack stand out from others was that the perpetrators came equipped with their own replacement for the .tp domain. They had created at least one domain, need.tp, within the .tp domain for themselves. The ultimate aim was to wreak a slow havoc with the integrity of and confidence in the East Timor domain. This aim was emphasised by the choice of such an emotive domain name as "need".

Connect Ireland's reaction was immediate. The connection to the internet was pulled and the whole system was upgraded and the software was hardened against future attack. The media also reacted swiftly with reports of the incident appearing on television, radio and the major news websites. It was a talking point on many of the web discussion boards where some people were willing to give everyone the benefit of their inexperience with real information war. Ironically one American poster latched on to the fact that need.tp had something to do with the cartoon characters Beavis and Butthead. By his reasoning, the perpetrators therefore were American script kiddies. Like many others, he had also misunderstood the scale of the situation by concentrating on the attack as being simple Denial of Service attack on the www.freedom.tp website.

In a simple military perspective, Indonesian forces may be decimating the East Timorese. However a website or information/propaganda site, that was putting over the East Timorese view was a major irritation to the Indonesian government. It also offered a rallying point for some three hundred East Timorese sites but was far more important because it offered a conflicting viewpoint to that propagated by the Indonesian government.

The objective for the Indonesian government action in this case would not be to initially take out a webserver. Instead it would have to disrupt the operation of .tp as a virtual country and create a lack of confidence in the integrity and stability of the domain. This would have been done by damaging the root server which in this case was Connect Ireland's and with the implication that there will be more attacks. This is the terrorism aspect.

Such an operation, if executed properly, would have to be deniable. The attribution on some web discussion boards of the attack to script kiddies with a Beavis and Butthead fixation was a good example of how this kind of misattribution is supposed to work. Ultimately it was deniable. None of the attacks seemed to originate from Indonesia.

Connect Ireland has issued a formal complaint to the Indonesian embassy in London. Of course with plausible deniability in place, The Indonesian government were apparently unaware that the attack had anything to do with it. The Irish government may also become more involved in the situation. While Connect Ireland was off the internet, they upgraded the system and software. The perpetrators, should they attack again, will have to begin from the start. However for the Indonesian government, they lost the battle for East Timorese hearts and minds a long time ago. The attack on Connect Ireland only served to reinforce this conclusion in the world's media.